350-401 · Question #336
What is a characteristic of MACsec?
The correct answer is B. 802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption. MACsec (802.1AE) Explained Option B is correct because MACsec (802.1AE) operates at Layer 2 and is specifically built between a host and a switch using the MACsec Key Agreement (MKA) protocol, which is responsible for negotiating and managing the encryption keys and security para
Question
What is a characteristic of MACsec?
Options
- A802.1AE provides encryption and authentication services
- B802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption
- C802.1AE is bult between the host and switch using the MKA protocol using keys generated via the
- D802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol
How the community answered
(32 responses)- A3% (1)
- B94% (30)
- D3% (1)
Explanation
MACsec (802.1AE) Explained
Option B is correct because MACsec (802.1AE) operates at Layer 2 and is specifically built between a host and a switch using the MACsec Key Agreement (MKA) protocol, which is responsible for negotiating and managing the encryption keys and security parameters for the secure channel.
Why the distractors are wrong:
- Option A is misleading because while 802.1AE does provide encryption and authentication, this statement alone is incomplete and doesn't describe a characteristic of how MACsec works - it's too vague to be the best answer.
- Option C appears to be an incomplete or truncated version of a statement (likely referencing EAP or 802.1X key generation), making it inaccurate and unfinished as written.
- Option D is incorrect because MACsec is not negotiated using Cisco AnyConnect NAM and SAP - SAP (Security Association Protocol) is associated with Cisco's older proprietary encryption method, not standard MACsec/MKA negotiation.
Memory Tip: Think "MACsec = MKA negotiates" - just as TLS uses a handshake to negotiate encryption, MACsec uses MKA to negotiate keys between the host and switch at Layer 2. If you remember the pairing MACsec ↔ MKA, option B will always stand out.
Topics
Community Discussion
No community discussion yet for this question.